Improving basic access control
Valid from Pega Version 8.5
Pega Platform™ has implemented a new basic access control (BAC) to protect your application from unauthorized server calls from otherwise authenticated users.
For more information, see Access Control Checks.
Upgrade impact
After you upgrade to Pega 8.5, all the functionality in the model configurations that use auto-generated controls and actions continues to work as before. However, you must secure any customized JavaScript in your application layer that makes AJAX (server) calls by using registration or encryption mechanisms.
What steps are required to update the application to be compatible with this change?
After upgrade, to migrate custom JavaScript functionality, see Access Control Checks.
New JWT access token format: Authorized Access Token
Valid from Pega Version 8.5
Pega Platform™ is changing from using opaque tokens to using JSON Web (JWT) tokens and the JWT access token format: Authorized Access Token (AAT). An AAT enables a client application to validate the server for user permissions and authorizes a specific application to access specific parts of a user’s data.
The major benefits to using the JWT format are:
- The JWT is a self-contained token that has authentication information, expire time information, and other user-defined claims digitally signed.
- A single token can be used with multiple applications.
- The tokens are short-lived and can minimize damage if transport security is compromised, as the token signature is verified.
- As the token is verified with the signature, there is no need to verify against a database, thus reducing latency (usually important for Web APIs).
For more information, see Understanding authorized access tokens.
Anypicker control is now available
Valid from Pega Version 8.4
The new Anypicker control displays a drop-down list of values that you can group into expandable categories for faster browsing. To save time and improve search accuracy, the Anypicker control filters the available values based on the characters that the user enters.
For more information, see Adding an Anypicker control.
Anypicker control in a condition builder
Valid from Pega Version 8.4
The condition builder now uses the Anypicker control to categorize the entities, such as fields or when conditions, that your application compares at run time. As a result, you can create conditions in a simplified and accelerated way. You can also select fields that are up to four levels deep within field groups.
For more information, see Create conditions faster with an Anypicker control (8.4), Adding an Anypicker control, Defining conditions in the condition builder.
Control group configuration for predictions
Valid from Pega Version 8.5
You can now configure a control group for your predictions in Prediction Studio. Based on the control group, Prediction Studio calculates a lift score for each prediction that you can later use to monitor the success rate of your predictions.
For more information, see Customizing predictions.
Improved access to Cosmos UI settings
Valid from Pega Version 8.5
The Settings tab in the App Studio case designer now includes tools for configuring Cosmos UI. With this enhancement, you can adjust design system settings without the need to specialize individual When rules in Dev Studio, which simplifies UI creation and saves development time.
For more information, see Managing Cosmos UI settings in case designer.
Ability to restrict access to the Import wizard
Valid from Pega Version 8.5
You can now restrict access to the Import wizard so that users implement an automated pipeline to deploy changes between environments such as staging and production. Deployment Manager is one method by which to create pipelines. By using pipelines to propagate changes, users can apply a standardized and automated deployment process for migrating their applications.
For more information, see:
- Ensuring that users migrate applications with a pipeline by restricting the Import wizard
- Understanding model-driven DevOps with Deployment Manager
Custom DX API attributes for auto-generated controls
Valid from Pega Version 8.5
Auto-generated controls now include the option to add custom attributes for use with the Pega Digital Experience (DX) API. The attributes are part of the DX API response to the front end and you can use them to modify the run-time behavior of the UI elements in your application. For example, you can add an attribute to a field that displays a tooltip text for that field at run time. This enhancement introduces significant flexibility to application development and gives you greater control over UI components.
For more information, see Adding custom attributes for version 1 DX API to auto-generated controls.
Access PegaUnit compliance metrics from a centralized location
Valid from Pega Version 8.5
PegaUnit compliance metrics and execution rate have been added to the PegaUnit metrics tile of the Application Quality dashboard. This dashboard provides a centralized location for all PegaUnit data for a specific application.
The dashboard also supports granular PegaUnit test information for each case type and data type, similar to the process currently available on the branch quality dashboard.
For more information, see Analyzing application quality metrics.
Rules can no longer access Pega internal Java packages
Valid from Pega Version 8.4
You can no longer create rules that access Java packages that reference internal APIs (syntax com.pega.platform.*.internal*
). This change does not affect rules that access Pega public API packages.
If you encounter issues when running existing rules that reference internal Pega APIs, contact Pega Support.
Upgrade impact
After an upgrade to 8.4 and later, clients can no longer save new or modified rules that access Pega internal APIs; existing rules that reference internal APIs can still be run but cannot be modified.
What steps are required to update the application to be compatible with this change?
Following a software upgrade to 8.4 or later, clients can refactor existing rules into guardrail compliant rules. To find rules to refactor, run the validation tool from designer studio (Application > Tools > Validation) to identify what rules fail validation; failed rules that include the message "Test compilation failed : Illegal internal class reference : com.pega.internal.XYZ" can updated to reference appropriate APIs.